Abstract |
<p>Post-authentication session hijacks (Man-in-the-Browser attacks) caused by malware (125) are prevented by establishing a second communication channel (129) between a user (120) and a verification server (110) which identifies algorithms by which output data is derived from input data (e.g. PIN, CAPTCHA or transaction data) for comparison and verification by the server. The second channel is established using a shared secret key (e.g. Diffie-Hellman), and decoy algorithms may also be stored in memory (122).</p> |